Our shrinking world forces all of us to be constantly thoughtful of the need to protect our own identity and know with certainty the identities of those with whom we trust our wealth, our privacy, and our security.Â Protecting oneâ€™s identity depends both on personal effort and on the practices, policies, and systems of the organizations to which one entrusts personal information.Â Individuals must exchange identity information and personal data almost daily with other individuals and with organizations.Â People constantly risk losing control of identity information and must rely on the entities that share the information to protect it.

With the increasing incidence of identity theft and increasing awareness of both the tangible and intangible costs to society of weak identity systems, individuals and organizations are taking more aggressive steps to secure personal information and to implement identity systems that improve identity verification processes.Â Â

To design and implement secure identity systems, organizations must think through the entire identity process and chain of trust.Â A complete identity solution must include policies, procedures, and practices that implement the desired level of security and that describe how people interact with the identity system.Â The solution must start with accurate vetting of the individualâ€™s identity and follow with identity verification processes that provide secure, authorized access to identity information.Â The technology selected is also critical; technology in general, and smart cards and biometrics in particular, are powerful tools that can help achieve overall system goals and enforce adherence to the chosen privacy and security policies.

This white paper was developed by the Smart Card Alliance Identity Council to provide a high-level discussion of the top 10 challenges associated with current identity systems.Â The paper covers a range of topics and offers perspectives on how the most critical identity issues can be addressed with policy, process, and technology solutions.Â The topics include the following:

Â·Â Â Â Â Â Â Â Â Discussing the actions government, businesses, and individuals can take to prevent identity theft and describing the role of technology in preventing theft.

Â·Â Â Â Â Â Â Â Â Analyzing the challenges posed by breeder documents and discussing potential solutions that could lead to more accurate proofing of an individualâ€™s identity.

Â·Â Â Â Â Â Â Â Â Discussing how a secure identity can be created and used throughout the identity life cycle.

Â·Â Â Â Â Â Â Â Â Defining the different types of identity credentials and offering guidance on key considerations for using a credential for multiple applications.

Â·Â Â Â Â Â Â Â Â Describing how new technologies are being used to verify an individualâ€™s identity in the online world.

Â·Â Â Â Â Â Â Â Â Defining how biometric technology is used in identity systems to bind an individual to an identity credential and verification event.

Secure, trusted identity systems will result only if policy, process, and technology issues are considered when new systems are being designed.Â The Identity Councilâ€™s goal is to provide guidance on important identity issues, thereby helping policy-makers and implementing organizations understand how smart card and related technologies can best be applied to deliver the benefits of secure identity.Â

The Identity Council welcomes input from government, businesses, and the public.Â For additional information about Council activities, please visit http://www.smartcardalliance.org.

Many studies have attempted to define what a personâ€™s identity is.Â Some consider identity to be part of an individualâ€™s personality; others consider identity to be the characteristic that defines individuality and distinguishes one individual from another.Â This paper defines identity as the distinguishing characteristics that determine unequivocally that a person is who that person claims to be.Â

Human beings classify their surroundings by assigning names to the components of those surroundings.Â Everything has a name and everybody has a name.Â Naming is our way of ordering our world so that we can correctly address something or somebody.Â Knowing a personâ€™s name allows us to associate an identity with them, which in turn allows us to recognize whom we are dealing with and tell them apart from others.

Although people may want to maintain public anonymity, such anonymity is difficult to achieve.Â It is nearly impossible to maintain anonymity and operate in modern society.Â Birth certificates record our entry into society; Social Security numbers identify us to our government.Â We have passports to attest to our identity and citizenship; we have driverâ€™s licenses to show that we are considered competent to operate a motor vehicle.Â Each of these identity documents conveys our claimed identity to society for a specific purpose.Â Collectively, these documents form a series of reference points that attest to our identity.Â When we desire to achieve some form of anonymity, we use â€œpersonasâ€ to represent us to a community where we wish to be less identifiable.Â For example, many people use personas on the Internet.Â By creating a â€œhandleâ€ or username in a web community, we can be invisible or not identifiable to some degree.Â Ultimately, however, the same individual is behind a real-world identity and the persona that the individual uses.Â Personas are simply a projection of a pseudo-identity masking the individualâ€™s actual identity.Â In many cases a persona may not be deemed sufficient identification to undertake activities such as financial transactions and therefore have limited use.

Although different people may define privacy differently, everyone would agree that it is important.Â Another critical point is the recognition that individuals should be in control of their identities.Â Personal choice should determine whether an individual discloses identity information.Â However, non-disclosure of oneâ€™s identity may mean denial of a service to that individual.Â For example, the REAL ID Act of 2005 defines the requirements for identity proofing by states, who must issue compliant driverâ€™s licenses starting in 2008.Â The Act requires U.S. citizens who wish to access services such as flying on airplanes to present themselves and a compliant government-issued ID.Â Without such an ID, they will not be permitted to fly.

Identity is clearly a valuable commodity to an identity thief or a terrorist.Â By stealing another personâ€™s identity, somebody can cause a great deal of financial harm or gain access to services to which the thief is not entitled.Â Stronger ways of assuring and trusting identity are needed to prevent such theft.

Identity programs already affect how our society operates today.

Â·Â Â Â Â Â Â Â Â Many countries are beginning to issue electronic passports that include a smart card chip.Â These ePassports will deliver the passport holderâ€™s identity credential to an official accurately and securely.Â Such capabilities will make it more difficult to commit passport fraud or masquerade as somebody else.Â Passports will become a highly trusted credential for a citizen.Â Similarly, proposals are being considered for identity cards for citizens who routinely cross U.S. land borders.Â These proposals include requiring a biometric identifier, to ensure that the person presenting the card is truly the owner of the card.Â

Â·Â Â Â Â Â Â Â Â The U.S. Government is committed to satisfying President Bushâ€™s Homeland Security Presidential Directive 12, which requires all government employees and contractors to be issued a credential that will be interoperable across the entire Federal government.Â By October 2006, every agency is required to start issuing smart card-based identity cards conforming to Federal Information Processing Standard 201.Â Biometric identifiers will form the foundation for identity verification.Â With the use of smart card technology and privacy-enhancing biometric templates, the personâ€™s biometric can be matched locally, either on the card itself or in the local terminal, eliminating the need to go online to biometric databases for every verification.Â

Â·Â Â Â Â Â Â Â Â Plans to issue identity cards to frequent, trusted travelers is another example of how a personâ€™s identity will be presented to gain access to a specific service â€“ in this case, access to expedited security check lines at airports.Â These cards are also likely to include biometric identifiers to bind the user to their credential.

Identity presentation is one of the most important aspects of modern society and is an important part of a personâ€™s life.Â As we embrace the information age, where data is a valuable commodity, it is essential to use adequate security techniques to preserve each personâ€™s identity and privacy.Â

A citizen is entitled to identity protection.Â A personâ€™s identity should remain private and be disclosed in a secure and trusted form only when the person chooses and only to whom the person chooses.Â The party receiving the presented identity should be able to verify that the person presenting the identity is the person entitled to present it, and the credential itself should be authenticated.Â Once we establish a chain of trust for identity, many areas of our society will benefit.Â Electronic commerce (ecommerce) can become a trusted transaction environment.Â The nationâ€™s transportation infrastructure will become secure, as travelers are better identified, making it exponentially harder for a terrorist to gain entry using a false identity.Â

The Smart Card Alliance recognizes the importance of identity in society and the critical need to protect it and be able to trust it.Â Smart card technology has proven itself to be a valuable tool for achieving these goals.

In the following pages we explore 10 of the main identity challenges facing our society today.Â

Identity theft is the appropriation of another personâ€™s personal information without permission in order to commit fraud, to steal the personâ€™s assets, or to pretend to be the other person.Â Identity theft is the fastest-growing crime in the United States, according to the U.S. Federal Trade Commission (FTC).Â Between January and December 2004, Consumer Sentinel, the complaint database developed and maintained by the FTC, received over 635,000 consumer fraud and identity theft complaints.Â Consumers reported losses from fraud of more than $547 million.Â

There are many types of identity theft, and many stakeholders besides the perpetrator and the victim are involved in identity theft.Â Identity theft affects all of society.Â

Â·Â Â Â Â Â Â Â Â Professionals, who work independently or as part of an organized group.

There are many ways to commit identity theft, some simple and some very sophisticated.Â Simple methods are used mostly by persons close to the victim and by amateurs.Â The most common simple methods are dumpster diving and social engineering. Â Dumpster diving is the practice of rummaging through garbage for a consumerâ€™s personal information.Â Dumpster divers rely on the fact that people are not aware of the value of the information they possess and are careless about protecting and discarding it.Â Social engineering methods generally use techniques that rely on human interaction to trick people.Â A perpetrator might try to gain the confidence of a colleague and then ask to â€œborrowâ€ their user ID and password to access a secure network, or they might impersonate a utility representative and call an unsuspecting customer to â€œverifyâ€ the Social Security number associated with the account.Â There are countless examples of these simple methods, and even in todayâ€™s environment, they remain very successful.

Professionals use both simple and sophisticated methods to steal identities but tend to focus on methods that can be automated since such methods can be less time-consuming and more profitable.Â These automated methods are usually technology-driven and include techniques such as skimming, hacking, phishing, and pharming.

Â·Â Â Â Â Â Â Â Â Skimmingis the practice of stealing credit card information by capturing it in some form of card reader.Â The thief employs methods such as swiping the credit card a second time during an actual purchase or attaching a reader to an ATM machine where the card is swiped.Â Skimming occurs infrequently because of the technology required, but when it does occur, damages can be substantial.

Â·Â Â Â Â Â Â Â Â Hackingis the act of gaining illegal or unauthorized access to a computer system or network. Hacking is the most commonly used method for stealing an identity.Â Spyware on a computer can be considered hacking, even though the user may have authorized installation of the spyware.Â Spyware is defined as programs such as keystroke loggers and screen capture utilities, installed by a third party to monitor and observe online behavior or capture passwords and other information.Â Applications such as adware install themselves surreptitiously through â€œdrive byâ€ downloads or by piggybacking on other applications.Â They track usersâ€™ behaviors and take advantage of their Internet connection. Â Users often unknowingly authorize spyware to be installed by clicking on the â€œYesâ€ button at the bottom of an end user license agreement.

Â·Â Â Â Â Â Â Â Â Phishing is a cyber attack that directs people to a fraudulent website to collect personal information.Â A common phishing scam is to send an email message asking a user to update an account.Â The perpetrator uses an attractive lureâ€”protecting privacyâ€”and then asks users to verify their accounts by clicking on a convenient hyperlink.Â A phishing scam may also lure an individual by sending an alarming message stating that a desired service is about to be terminated.Â Phishers often use the services of spammers to reach the widest number of possible targets.Â There have been literally thousands of phishing scams on the Internet.

Â·Â Â Â Â Â Â Â Â Pharmingis a cyber attack that involves a combination of ploys such as phishing, viruses, spyware, and domain name system (DNS) server cache-poisoning or spoofing.Â Pharming directs people to a fraudulent website by poisoning the DNS server so that web requests are redirected.Â Victims think they are entering personal information on a legitimate site when in fact they are not.Â A pharming site will often forward the web request on to the legitimate site so users see their real data. Â By monitoring the traffic between the user and the intended site, a pharmer can eavesdrop on personal information and even manipulate transactions.

The Federal government and many state and local jurisdictions are passing laws and regulations requiring businesses to take certain actions against identity theft and to establish guidelines for notifying consumers when data breaches may have occurred.Â Governments are promoting consumer education and resources for preventing and, where necessary, recovering from identity theft.

Identity theft causes substantial financial harm to private industry.Â Businesses incur costs to implement identity theft prevention measures and to replace the losses suffered by the victims of identity theft.Â These costs are absorbed by the industry and by insurance companies, but eventually they are passed on to the consumer in the form of higher prices for products and services, higher fees, and higher interest rates.Â Different industry sectors are tackling this problem in the manner most appropriate for that industry and for the specific patterns of theft.Â Being proactive, staying ahead of the professionals, and being current and diligent in security and privacy protections are critical.Â

Technology measures can prevent some types of identity theft.Â Businesses can require multi-factor authentication (two indisputable sources or elements that must be supplied to verify a personâ€™s identity).Â Smart card-based implementations can be adopted, such as subscriber identification modules, which prevent cloning of phones and have eliminated telephone theft/fraud, or smart card-based employee IDs, which provide strong authentication, are difficult to counterfeit, and are tamper-resistant.Â Human intervention and resistance are required to successfully attack non-technical methods of identity theft such as dumpster diving and social engineering.Â In the case of dumpster diving, for example, a paper shredder can be used to destroy paper bills.

Consumers should be aware of their rights and responsibilities for protecting themselves and request a free copy of their credit report.Â In the U.S., a recent amendment to the Federal Fair Credit Reporting Act requires that the national consumer reporting companies (Equifax, Experian, and TransUnion) provide consumers with a free copy of their credit report, upon request, once every 12 months.Â Consumers need to make this request through the FTC website, as this is the only authorized online source.Â Consumers are urged to monitor their reports routinely for unusual activity.Â Consumers are also encouraged to be proactive:

As the result of legislation and the threat of litigation, both the public and private sectors are instituting new policies and practices designed to protect identities, ensure privacy and control access to identity information.

Protecting oneâ€™s identity depends both on personal efforts and on the practices, policies, and systems of those organizations to which a person entrusts personal information.Â Daily life requires individuals to interact with other individuals and with organizations and, in the process, to exchange identity and other personal information.Â People constantly risk losing control of identity information and must rely on the entities that share the information to protect it.

The increasing incidence of identity theft has led to an increasing awareness of the need to protect identity information.Â As a consequence, both individuals and organizations are taking more aggressive steps to secure personal information.Â Concurrently, a number of laws and regulations have been put in place to ensure that personal information is protected and secured.Â The threat of litigation and financial penalties are motivating organizations and individuals to institute appropriate mitigating measures.

A number of new U.S. Federal and state laws and regulations have recently passed (or are pending) that address the risk associated with organizations not adequately protecting the identity data in their custodial care.Â These mandates address policy and business practices as well as ensuring that appropriate operational and information technology security measures are instituted.

One piece of legislation that was recently passed specifically to address the identity theft issue is the California Security Breach Information Act (SB 1386), which requires commercial organizations to notify their customers whenever they suspect the security of a customerâ€™s data has been compromised.Â This notification is required regardless of whether there is evidence that an individualâ€™s data file has actually been compromised.Â The Act also requires across-the-board notification if only one personâ€™s file has been affected.Â The consequences for not complying with the notification requirement include financial penalties, negative publicity, and the risk of multiple civil lawsuits.Â These negative consequences create a strong incentive for affected companies to comply with the law.Â A bill has been introduced in the U.S. Congress modeled after the California law. Â The bill is still in conference but could become law sometime over the next few years.

Other laws that directly affect privacy protection in the U.S. include Sarbanes-Oxley, Gramm-Leach-Bliley, and the Health Insurance Portability and Accountability Act.Â The common theme of all these laws is that sensitive information, be it personal, medical, or corporate financial, needs to be protected to prevent restricted or private data from being accessed by unauthorized individuals or organizations.

More corporations and private sector organizations are modifying their business practices, operations, and policies to enforce the protection and appropriate use of private data.Â Certainly anyone who has a brokerage, banking, or credit card relationship with an institution has received privacy notices that describe how the institution protects and uses the private data entrusted to them to facilitate business-consumer transactions.Â

One hallmark of these policies is the assurance provided to individuals that their private information will be protected and used only to support the delivery of services; indeed, this type of assurance is often promoted as a differentiator between competing organizations.Â Polls show that security and protection of information are key reasons why consumers choose one business over another, and the private sector is catering to this concern by including it in marketing and advertising campaigns.

In addition to policies, corporations have implemented business practices and processes that authenticate the identities of the people with whom they transact business to ensure that imposters and fraudsters are not granted access to sensitive information.Â Examples include fingerprinting people when they cash checks, using multi-factor authentication for web-based and face-to-face transactions, and employing layered security techniques to assure correct and reliable enforcement of access control privileges.

The U.S. Federal government has also instituted a number of policies and regulations designed to protect privacy and heighten security for the storage and use of personal data which it protects as a custodian.Â A number of initiatives under such headings as E-Authentication, FISMA/GISRA, and the Privacy Act now govern how the government collects, uses, and stores identity information.Â New access controls are being instituted and enforced, for both internal access by employees and access by the citizenry, and security measures are being increased to ensure the protection and privacy of stored information such as Social Security records and medical files.

Often, government initiatives to protect data and ensure privacy have led the way for similar programs in the private sector.Â Because the government manages some of the largest databases and identity systems in the world and is under constant public scrutiny, it is not surprising that it is leading the way in implementing policies, practices and technologies designed to protect identity and enhance privacy.

Protecting oneâ€™s identity is not just the responsibility of governments and corporations.Â Individuals have an important role to play in protecting their own identities by taking appropriate, cautionary measures.Â There are a number of basic rules that individuals should follow, such as:

Â·Â Â Â Â Â Â Â Â Do not provide personal information to suspicious websites or individuals who contact you using email.Â The same rule also applies to telephone and mail communications.Â Thoroughly investigate and determine the authenticity and legitimacy of any person or organization that contacts you asking for personal identity information.

Â·Â Â Â Â Â Â Â Â Be cognizant of how your identity credentials are used; make sure that your driverâ€™s license, credit cards, and other credentials are not misused during transactions.Â Try not to let them out of your sight and maintain control of them to the fullest extent possible.Â

Identity is represented by an assortment of information that can be tied to that individual and that describes an individualâ€™s characteristics and uniqueness.

Who are we? In a societal context our identity is established through a series of events and relationships, starting with oneâ€™s birth, along with the resulting documentation.Â Our identity is represented to others through a patchwork of this identity documentation â€“ original paper documents (or copies), ID cards, driverâ€™s licenses, passports, and other types of credentials.Â In todayâ€™s world, managing these items and keeping them safe is an increasingly difficult challenge for all of us.Â

Technological and process solutions are available that can create more manageable and secure identity tools.Â Adopting these solutions can ease the fears we all have about identity theft and fraud and implement more efficient identity transactions.Â To understand these solutions, however, we must understand some of the challenges that underlie the concept of identity.

Identity is represented by an assortment of information that can be tied to that individual and that describes an individualâ€™s characteristics and uniqueness.Â An identity in this context is the information concerning the person, not the actual person.

An identity can be made up of many pieces.Â Some common components of identity are:

Identity systems have proliferated in todayâ€™s society.Â Some of these systems have developed into multiple-use identity systems while others remain essentially identity silos - single-use closed systems.Â The more applications a collection of identity information has and the more meaningful that information is to third parties, the more valuable that identity information becomes.Â The U.S. driverâ€™s license is an example of a multi-use identity tool.Â Its primary purpose is to prove driving status but it can also be used to provide evidence of identity when opening a bank account, buying alcohol, boarding an airplane, or applying for a job.Â Another example of a multi-use identity system is a major credit/debit card.Â Holders of these cards can use them to purchase goods and services almost anywhere in the world.Â Other collections of identity information have limited use and are essentially identity silos, such as healthcare cards, single-retailer discount or member cards, single retailer credit cards, and online subscriber account information.Â Although this identity information is more limited in scope than multi-use information, it is less likely that this identity information will be revealed outside of the system in which it is used.Â For example, healthcare information may be less likely to be divulged to those not needing to know if it is kept within one identity system.Â Of course, the problem of privacy is not solved by putting identity information in silos.Â It must be emphasized that identity information is only as secure as the system designed to manage that identity information.Â Identity information that is in a siloed system is less likely to be divulged outside the system only because it is used and transported less often than information in a multi-use identity credential.

Because it is important for individuals to maintain control over their private identity information, it is necessary to understand where the individual fits in the general identity system structure.Â There are generally three parties to an identity system:

Identity system members: The people who must use identity information to obtain privileges.Â For example, an individual uses the ID badge issued by an employer to enter a secure facility.

Identity system users: Organizations that rely on identities and credentials (banks, law enforcement, retailers).Â For example, an employer uses a personâ€™s driverâ€™s license or passport as proof of identity for a job application.Â

As we can see, the individual is indeed at the center of the identity system â€“ or maybe more aptly put â€“ stuck in the middle.Â With identity system providers responsible for collecting, verifying, and storing identity information, and identity system users clamoring to get access to this data, itâ€™s no wonder that individuals get nervous about their identity information.Â So what to do? Â Well, some of the main concerns that we all have regarding identity systems can be addressed by incorporating robust and auditable policies, practices and processes into our identity systems.Â The following are some guidelines to use when creating an identity system:

Â·Â Â Â Â Â Â Â Â Consent. Â Establish identity systems that enforce a policy of consent when transferring identity information.Â Identity systems should only reveal information identifying a person with the personâ€™s consent.Â The information should be limited to the information that is necessary to complete the transaction.

Â·Â Â Â Â Â Â Â Â Transparency.Â An individual should be able to â€œseeâ€ how identity information is being used.Â Although individuals may not be authorized to modify transaction information, both they and the entity they are interacting with are best served if the information is visible to them.Â Visible information creates a higher level of trust between the individual and the entity and also creates a feedback security loop to help individuals police the use of their identity information.Â (For example, credit card companies allow their customers to access a list of monthly transactions.Â Fraudulent credit card transactions are often reported by the customer.)

Â·Â Â Â Â Â Â Â Â Interoperability.Â Make the identity system interoperable, so that the individual can use the identity information broadly.

Â·Â Â Â Â Â Â Â Â Biometrics.Â Use biometrics as an integral part of the identity system, so that a person is physically associated with the identity information and the identity credential.

Â·Â Â Â Â Â Â Â Â Ease of use.Â Adopt ease of use as a primary design principle.Â The user experience should be simple and consistent.Â Automating transactions to reduce time and complexity is an important consideration.

When our governments consider the hazards and benefits of societyâ€™s adoption of a new technology protecting our identities, legislating against its use instead of making illegal its misuse will inevitably â€œthrow the baby out with the bath water,â€ depriving society of the technologyâ€™s benefits.

Our shrinking world compels individuals and societies to be constantly thoughtful of the need to protect our own identities and to know with certainty the identity of those with whom we trust our wealth, our privacy, and our security.Â When confronted with new opportunities for increased commerce, freedom of movement, communication, and knowledge, weâ€™ve almost always chosen to move forward and have repeatedly turned to technology to enable us to do so and to protect us against the threats accompanying these new opportunities.Â

All changes to the status quo entail costs and risks.Â The challenge is to find ways to make informed decisions about the costs, risks, and benefits of using new technologies to protect our identities.Â The process we use to evaluate new technologies is critical to achieving benefits from their adoption.

Reliable identification is critical to transactions between parties who have inadequate knowledge of each other.Â The success of such transactions relies on a trusted third party being able to vouch for the participantsâ€™ identities.Â Third-party testimonials are used in face-to-face transactions of all kinds and in remote transactions, such as purchases over the phone and the Internet.Â The identity credential issued by the third party must be portable; otherwise, we would constantly be relying on in-person validation like that performed by a notary, something that is inconvenient, costly, and time consuming.

Technology has been able to improve and protect our transactions with strangers and our personal information in a variety of ways.Â Technology makes such transactions faster, more secure, and more convenient (for example, contactless payment systems like American ExpressÂ® ExpressPay) and makes access to personal information more secure (for example, biometric authenticators like fingerprints and iris scans).Â Credentials containing our identities (for example, the new U.S. electronic passport containing a chip) are made more secure by using smart cards that employ the latest cryptographic methods to protect the data on the card and authenticate the entity accessing the data.Â Smart cards are also being used to protect access to our personal information over public and private networks.Â These are just a few examples of how technology is being used today to help individuals protect their personal information.

In our private lives, technological solutions for protecting our identities or increasing our ability to interact more easily with others are typically adopted incrementally.Â Trade-offs among security, privacy, convenience and cost are continually balanced and rebalanced by mechanisms of our free markets.Â Some people choose to adopt new technologies immediately, while others choose to wait until the technology is â€œproven.â€Â We decide when the time is right for each of us.

Currently, our society as a whole is faced with threats to its physical security posed by the falsification of identities at the state and Federal level, and government is charged with addressing these challenges.Â However, any technological solutions that are chosen to combat these threats cannot be imposed incrementally.Â The implications of implementing a new technology throughout an entire society are far reaching, and we need to understand and balance the tradeoffs between security, privacy, convenience, and cost immediately.

With technology becoming more prevalent and complex and with the pace of change accelerating, governments are struggling to keep up with new threats to their citizensâ€™ identities.Â Two legislative alternatives commonly considered in such situations are to:

Legislate against new technologies until they are adequately â€œprovenâ€ or deemed safe; or

Outlaw the willful misuse of new technologies, and legislate the responsibility for damages in the event of failures with no criminal intent.Â

The first approach carries the genuine risk of â€œthrowing the baby out with the bath waterâ€ and depriving society of the benefits of a new technology.Â The latter allows the benefits to accrue to society without locking in the status quo or selecting technological favorites that can result in stifling competition and increasing costs to society.

A new technology that protects our identities is by nature complex, and reaching a full understanding of its benefits, risks to citizensâ€™ privacy, and vulnerabilities is difficult.Â Only by involving a wide range of experts and balancing all the pros and cons can logical decisions be made.Â

Identity technologists â€“ to explain methods of operation, limits on performance, financial limits on enhancement, and types and likelihood of misuse.Â

Â·Â Â Â Â Â Â Â Â Privacy and consumer advocates â€“ to identify the risks associated with the use and possible misuse of a new technology.Â

Â·Â Â Â Â Â Â Â Â Policy experts â€“ to identify how the technology can and should be used procedurally.

Any decision reached without the involvement of all of these parties in an open forum will invariably result in skewed decisions that may deprive us of the proper benefits of the technology.

It is most important, however, to keep in mind that technology is merely one part of the solution to the problem of protecting our identities and validating them to others.Â The complete solution is a system that must include policies, procedures, and practices describing how people are to interact with the system.Â In the end, the strength of a system is only as great as the adherence by the people using the system to these policies and procedures.Â Technology in general, and smart cards and biometrics in particular, are powerful tools for enforcing adherence to policies and procedures.

A breeder document is so named because it is usually a source of identity to apply for (or breed) other forms of identity credentials.

A number of years ago, Australia embarked on a project to digitize all birth, death, and immigration records and maintain them centrally as electronic records.Â The thinking was "if you are here, you were either born here or you came here, and thus there should be a record on you."Â In the United States, an E-Government project known as E-Vital was initiated to digitize and make available some of the same kinds of records.Â However, only death records are currently (mostly) centralized and electronically stored, as a result of the Federal government paying the states to digitize death certificates.Â Progress on automating other vital records has beenÂ very slow.Â Birth, death, marriage, divorce, and other records may be both issued and maintained in multiple places.Â At best, such records are automated and maintained at the state level; at worst, they are not automated and are stored in counties across the country.

Australia is a good example to use to consider the concept of providing a secure and verifiable identity for every person in a country.Â Suppose that Australia decided to issue a national ID card to all of its residents.Â Australia certainly has the technology needed to produce a credential that could include biometrics, the issuerâ€™s digital signature, and PKI certificates.Â Such a credential could properly be viewed as very secure and be tied to the holder in a way that would make it very hard to counterfeit or alter.Â

By issuing such a credential, Australia would solve half the problem:Â a central database would confirm the existence and legal presence of every credential holder.Â The other half of the problem would remain unsolved, however: how to be certain that the person who presents a birth certificate or other â€œbreederâ€ document to obtain the credential is the true owner of that document.Â

The Australian example illustrates the obvious problem for the United States.Â The United States can automate a record system and put records in a central place.Â A central database can be queried to verify a personâ€™s existence and permit a very secure, biometrically linked credential to be issued.Â However, two very important things cannot be done:Â

The authenticity of the documents presented to establish identity cannot be validated.

The individual presenting a document cannot be tied to the document.Â

Most documents simply do not have enough built-in security to be verified, and few documents can be tied to the individual presenting the document.Â

In general, this problem is true of most of the documents used to establish identity in the United States, with the exception of the passport and the alien registration card.Â These documents, which are at the top of the identity food chain, are the product of an identity proofing or adjudication process and contain a variety of security features that can be authenticated and that make them virtually tamper-proof.Â

However, the identity vetting process that precedes issuance of even these documents relies on much less secure documents: birth certificates, driver's licenses, Social Security cards, and foreign passports.Â The acceptance of documents that may not be genuine or of genuine documents that are not the property of the presenter can result in the issuance of a highly secure credential to an individual other than the individual identified by the breeder documents and a false sense of security in the identity verification process.

Â

The United States has a breeder document problem that it is nowhere close to solving and that may not ever be solved.Â We do not have databases that can be accessed to determine whether a person actually exists.Â We do not, for the most part, produce birth certificates, social security cards, or, in some cases, driver's licenses that can be authenticated.Â We do not have the ability to tie most of these breeder documents to the bearer biometrically.Â

The birth certificate is both the start and the heart of the problem.Â Over 100 million birth certificates are issued in this country each year, and in about a dozen states, they are public documents available to anyone who wants a copy.Â Even in states that ask for some indication of entitlement the controls are very weak.Â We cannot readily verify the validity of a birth certificate, nor can we be sure that it belongs to the person presenting it.Â Very good false birth certificates are readily available over the Internet or (in certain geographical areas) from open document markets.Â These birth certificates can then be used to obtain other legitimate documents, such as driver's licenses, Social Security cards, and potentially even passports.Â Most issuers of legitimate documents have made little or no investment in the few available technologies that could help them detect bad breeder documents.Â For example, virtually no organization other than the U.S.Â Department of State has been willing to incorporate chip technology intoÂ documents issued to members of the public.Â

Solving these problems can be expensive, and the solutions could take many years to implement.Â Some are sure to raise sensitive issues regarding identity information.Â One of the more comprehensive solutions involves capturing DNA, tying it to a birth certificate, and linking other biometric information (such as facial images, fingerprints, or retinal images) to the DNA.Â Another option is to require that older documents be reissued and tied to a rigorousÂ identity-proofing process before a driverâ€™s license or passport can be obtained.Â These solutions may require that national standards be set for a variety of documents issued by state and local governments.Â Perhaps most difficult and controversial of all, such solutions could involve the creation of central databases that contain not only vital records but also biometric measures that tie the records to a specific individual.Â Such databases could be used to verify not only the existence of a document but also that the presenter is the trueÂ owner of the identity to which the document attests.Â

A more workable interim solution may be to require new identity document applicants to go through a rigor